Smart factory vulnerabilities: operational aspects are not the only thing at risk
IoT provides opportunity for businesses to improve process, increase efficiency and thus productivity. Often times, this is as a result of a better experience for the end user, which for businesses can also be employees. A study from 2018 detailed how large scale IoT implementation helped contribute to improved levels of engagement amongst employees resulting in increased productivity, an increase in job satisfaction and improved performance which in turn positively impacted customers. This is a key reason behind a recent report suggesting the IoT security market is set to be worth $59.16 Billion by 2029. However, because many IoT devices are designed to focus on productivity and efficiency as a priority, many IoT devices are not built with security in mind. This has led to an expansive ecosystem of potential vulnerabilities, with many industries now trying to play catch up regarding security. Therefore, the benefits to both businesses and end users can quickly become redundant if proper IoT security practices are not put in place.
As highlighted, IoT allows businesses to streamline their operations and procedures, and factories are a great example. In 2019, the manufacturing industry invested around $200 billion in IoT according to IDC . This was nearly twice as much as the consumer IoT industry in the same year. In addition, in the first quarter of 2020, the smart manufacturing industry also grew substantially, topping out at a compounded annual growth rate of 12.4% forecasted until 2025 according to a ISG press release from 4 June 2020.
IoT systems can be designed to detect and eliminate problems automatically before they affect productivity and require manpower to solve them. An efficient IoT security set up means businesses spend less time contemplating and/or resolving security issues and can focus on their bottom line and productivity, meaning staff can focus on selling. In the long run, it is easier to fix multiple smaller issues through automatic IoT systems, than allowing them to grow which may affect an entire enterprise leading to substantial loses, those of which are becoming a more common occurrence in the daily news.
Whilst the negative affects off hackers shutting down factory machinery may seem obvious; hackers are also beginning to target less obvious aspects of the smart factory environment. Industrial Analytics describes the collection, analysis and use of data generated in industrial operations and is relevant to any company that is manufacturing and selling physical products. Predictive Maintenance (PdM) for example, is a term which has arisen from this concept. The idea is that systems use data to assess and predict irregularities and possible faults in equipment and processes so businesses can repair them before they malfunction and affect production. PdM challenges current approaches namely reactive maintenance (allowing parts to run to failure), planned maintenance (preventing problems but not driven by data) and proactive maintenance (treating the root cause but not the symptom of the issue). Research by Deloitte found that PdM can reduce the time required to plan maintenance by 20–50 percent, increase equipment uptime and availability by 10–20 percent, and reduce overall maintenance costs by 5–10 percent. This data is often unique to a particular factory/organization, built up over thousands of hours and almost impossible to replace. Hackers know the value of this data and will attempt to steal this information to force businesses into pay them back for the invaluable data. Therefore, smart factory IoT security needs to protect not only the operational aspect of devices/infrastructure, but also data systems at the same time.
A complete solution for smart factory IoT
The use of large IoT devices at scale in smart factory infrastructure often results in latency, capacity & security issues when attempting to use a Wifi connection. As a result, smart factories often us LTE or 5G networks. This means in most instances, smart factory IoT devices are connected to a router. Ergo, IoT manufacturing is vulnerable to both operational hacks and data leaks in the same way as other industries, as highlighted earlier.
On a more technical level, regarding smart factory routers, the control centre sends commands to each device through the router. Static information or ‘plain text’ is used during this communication and if a hacker can obtain this information during this communication, device control and/or data is vulnerable to hacking. Routers therefore act as a critical gateway in the smart factory IoT setup, and this also means the SIM card used in the router is also crucial.
OTAC (One-time-authentication-code) applet on SIM Card for example, focuses on the sim as opposed to the router. Before any command is transmitted to the device, the SIM can verify whether it is from the legitimate control centre of the factory in question. The SIM verification uses OTAC to generate a dynamic code that changes every single time but still identifies the correct user. Even if the codes between communication are stolen, the code is only valid at a single point in time and therefore it cannot be re-used.
This means instead of upgrading the firmware of each smart factory IoT device, the OTAC applet is applied to the SIM card, increasing the efficiency of integration and deployment. It can be applied to low-capacity devices that are usually difficult to continuously operate TLS or PKI stacks. In addition, it can also minimise memory usage and power consumption. A win for business efficiency & productivity, which in this growing industry is key.